Windows 7 Forums


Windows 7: DDOS Attacks UDP files coming in please take a look at this Combofix


04 Aug 2012   #11

64bit windows 7 ultimate
 
 

Here's the OTL




Code:

OTL logfile created on: 8/4/2012 3:52:15 PM - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\George\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 31.37% Memory free
8.00 Gb Paging File | 4.32 Gb Available in Paging File | 54.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 418.83 Gb Free Space | 89.92% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 678.92 Gb Free Space | 97.18% Space Free | Partition Type: NTFS
 
Computer Name: GEORGE-PC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/08/04 15:50:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
PRC - [2012/08/03 21:45:17 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/08/02 22:05:35 | 009,338,880 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.172\deploy\League of Legends.exe
PRC - [2012/08/02 21:43:45 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
PRC - [2012/08/02 20:00:54 | 000,830,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
PRC - [2012/08/02 20:00:53 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/05/29 11:45:18 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2012/05/29 11:44:58 | 002,693,008 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.88\deploy\LoLLauncher.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/15 15:39:14 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.186\deploy\LolClient.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/05/20 15:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/08/02 22:05:38 | 000,933,888 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.172\deploy\rads.dll
MOD - [2012/08/02 22:05:35 | 009,338,880 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.172\deploy\League of Legends.exe
MOD - [2012/08/02 21:43:45 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012/08/02 20:39:57 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/08/02 20:39:56 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/08/02 20:39:56 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/08/02 20:39:56 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/08/02 20:39:56 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/08/02 20:00:54 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\SiteSafety.dll
MOD - [2012/08/02 20:00:53 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/07/13 17:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/29 11:45:18 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2012/05/29 11:44:58 | 002,693,008 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.88\deploy\LoLLauncher.exe
MOD - [2012/04/19 12:27:44 | 004,770,176 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.186\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/02 21:43:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/02 20:39:57 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/02 20:00:54 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012/07/13 17:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/08/02 20:00:55 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010/05/20 15:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 48 2D AE 23 71 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={4AC2DFE6-F516-4C6D-95C5-6E3BD714D363}&mid=29de4ac1d32d47d09a13d15426031e33-ab1b3fb1408cf3ed284bd96717258c376d81391a&lang=en&ds=AVG&pr=pr&d=2012-08-02 20:00:55&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/02 20:00:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/08/02 20:01:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/02 20:10:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/08/02 20:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Extensions
[2012/08/02 20:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012/08/04 12:22:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5576EBBA-FCA3-40A4-9925-F5989744DC35}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/04 15:50:13 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
[2012/08/04 13:19:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/04 12:25:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/04 12:13:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/04 12:13:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/04 12:13:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/04 12:13:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/04 12:13:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/03 19:49:27 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\SUPERAntiSpyware.com
[2012/08/03 19:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/08/03 19:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/08/03 19:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/03 13:52:12 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\SIX_Projects
[2012/08/03 13:51:17 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\ArmA 2 OA
[2012/08/03 13:50:22 | 000,000,000 | ---D | C] -- C:\Users\George\Documents\ArmA 2
[2012/08/03 13:50:22 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\ArmA 2
[2012/08/03 13:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012/08/03 13:48:50 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012/08/03 13:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2012/08/03 13:45:41 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\six-updater
[2012/08/03 13:45:40 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\six-zsync
[2012/08/03 13:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects
[2012/08/03 13:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Projects
[2012/08/03 13:44:58 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\Downloaded Installations
[2012/08/03 13:30:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/08/02 22:13:35 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\LolClient
[2012/08/02 21:18:33 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/08/02 21:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/08/02 21:18:32 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/08/02 20:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2012/08/02 20:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2012/08/02 20:50:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2012/08/02 20:49:25 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Macromedia
[2012/08/02 20:49:25 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\Macromedia
[2012/08/02 20:49:25 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Adobe
[2012/08/02 20:47:53 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/08/02 20:47:40 | 000,000,000 | ---D | C] -- C:\Boot
[2012/08/02 20:45:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/08/02 20:45:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/08/02 20:42:19 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/08/02 20:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/08/02 20:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/08/02 20:38:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/08/02 20:33:02 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Skype
[2012/08/02 20:32:59 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/08/02 20:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/08/02 20:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/08/02 20:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/08/02 20:28:34 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Ventrilo
[2012/08/02 20:27:58 | 000,000,000 | ---D | C] -- C:\Users\George\Desktop\League of legends
[2012/08/02 20:27:03 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\PMB Files
[2012/08/02 20:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/08/02 20:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/08/02 20:25:40 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2012/08/02 20:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2012/08/02 20:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/08/02 20:10:25 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Mozilla
[2012/08/02 20:10:25 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\Mozilla
[2012/08/02 20:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/08/02 20:10:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/02 20:10:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/08/02 20:01:20 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\AVG2012
[2012/08/02 20:01:06 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\AVG Secure Search
[2012/08/02 20:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/02 20:01:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/08/02 20:00:55 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/08/02 20:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/08/02 20:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/08/02 20:00:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/08/02 20:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/02 20:00:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/08/02 20:00:25 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/08/02 20:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/08/02 19:57:44 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/08/02 19:57:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/08/02 19:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/02 19:56:21 | 000,000,000 | R--D | C] -- C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/08/02 19:56:21 | 000,000,000 | R--D | C] -- C:\Users\George\Searches
[2012/08/02 19:56:21 | 000,000,000 | R--D | C] -- C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/08/02 19:56:21 | 000,000,000 | -H-D | C] -- C:\Users\George\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/08/02 19:56:13 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Identities
[2012/08/02 19:56:11 | 000,000,000 | R--D | C] -- C:\Users\George\Contacts
[2012/08/02 19:56:10 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\VirtualStore
[2012/08/02 19:56:00 | 000,000,000 | -HSD | C] -- C:\Users\George\AppData\Local\Temporary Internet Files
[2012/08/02 19:56:00 | 000,000,000 | -HSD | C] -- C:\Users\George\Templates
[2012/08/02 19:56:00 | 000,000,000 | -HSD | C] -- C:\Users\George\Start Menu
[2012/08/02 19:56:00 | 000,000,000 | -HSD | C] -- C:\Users\George\SendTo
[2012/08/02 19:56:00 | 000,000,000 | -HSD | C] -- C:\Users\George\Recent
[2012/08/02 19:56:00 | 000,000,000 | -HSD | C] -- C:\Users\George\PrintHood
[2012/08/02 19:56:00 | 000,000,000 | -HSD | C] -- C:\Users\George\NetHood
[2012/08/02 19:56:00 | 000,000,000 | -HSD | C] -- C:\Users\George\Documents\My Videos
[2012/08/02 19:56:00 | 000,000,000 | -HSD | C] -- C:\Users\George\Documents\My Pictures
[2012/08/02 19:56:00 | 000,000,000 | -HSD | C] -- C:\Users\George\Documents\My Music
[2012/08/02 19:56:00 | 000,000,000 | -HSD | C] -- C:\Users\George\My Documents
[2012/08/02 19:56:00 | 000,000,000 | -HSD | C] -- C:\Users\George\Local Settings
[2012/08/02 19:56:00 | 000,000,000 | -HSD | C] -- C:\Users\George\AppData\Local\History
[2012/08/02 19:56:00 | 000,000,000 | -HSD | C] -- C:\Users\George\Cookies
[2012/08/02 19:56:00 | 000,000,000 | -HSD | C] -- C:\Users\George\Application Data
[2012/08/02 19:56:00 | 000,000,000 | -HSD | C] -- C:\Users\George\AppData\Local\Application Data
[2012/08/02 19:55:59 | 000,000,000 | --SD | C] -- C:\Users\George\AppData\Roaming\Microsoft
[2012/08/02 19:55:59 | 000,000,000 | R--D | C] -- C:\Users\George\Videos
[2012/08/02 19:55:59 | 000,000,000 | R--D | C] -- C:\Users\George\Saved Games
[2012/08/02 19:55:59 | 000,000,000 | R--D | C] -- C:\Users\George\Pictures
[2012/08/02 19:55:59 | 000,000,000 | R--D | C] -- C:\Users\George\Music
[2012/08/02 19:55:59 | 000,000,000 | R--D | C] -- C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/02 19:55:59 | 000,000,000 | R--D | C] -- C:\Users\George\Links
[2012/08/02 19:55:59 | 000,000,000 | R--D | C] -- C:\Users\George\Favorites
[2012/08/02 19:55:59 | 000,000,000 | R--D | C] -- C:\Users\George\Downloads
[2012/08/02 19:55:59 | 000,000,000 | R--D | C] -- C:\Users\George\Documents
[2012/08/02 19:55:59 | 000,000,000 | R--D | C] -- C:\Users\George\Desktop
[2012/08/02 19:55:59 | 000,000,000 | R--D | C] -- C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/02 19:55:59 | 000,000,000 | -H-D | C] -- C:\Users\George\AppData
[2012/08/02 19:55:59 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\Temp
[2012/08/02 19:55:59 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\Microsoft
[2012/08/02 19:55:59 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Media Center Programs
[2012/08/02 19:54:21 | 000,000,000 | ---D | C] -- C:\Recovery
[2012/08/02 19:51:29 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/08/02 19:49:24 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/08/02 19:48:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/04 15:50:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
[2012/08/04 15:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/04 15:21:39 | 102,995,907 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/04 15:21:00 | 000,026,728 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/04 14:41:02 | 000,387,250 | ---- | M] () -- C:\Users\George\Desktop\Untitled.png
[2012/08/04 13:24:02 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 13:24:02 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 13:23:12 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/04 13:23:12 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/04 13:23:12 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/04 13:18:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/04 13:18:55 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/04 12:22:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/04 12:13:09 | 000,007,624 | ---- | M] () -- C:\Users\George\AppData\Local\Resmon.ResmonCfg
[2012/08/04 03:49:00 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 8402c268-805d-4ad8-aa3a-3e159ce5bf98.job
[2012/08/04 02:00:00 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7c6df976-724d-4c84-9c32-d2218777cfe0.job
[2012/08/03 19:49:23 | 000,001,667 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/08/03 13:45:25 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Updater.lnk
[2012/08/03 13:45:25 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Launcher.lnk
[2012/08/02 21:21:47 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/08/02 20:47:41 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/08/02 20:38:15 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/08/02 20:32:59 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/02 20:25:41 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/08/02 20:25:40 | 000,000,917 | ---- | M] () -- C:\Users\George\Desktop\Ventrilo.lnk
[2012/08/02 20:10:20 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/02 20:01:02 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/02 20:00:55 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/08/02 20:00:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/02 20:00:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/08/02 20:00:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/02 19:57:07 | 000,001,441 | ---- | M] () -- C:\Users\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/02 19:53:16 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/02 19:52:15 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/08/02 19:52:15 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
 
========== Files Created - No Company Name ==========
 
[2012/08/04 15:21:39 | 102,995,907 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/04 15:21:00 | 000,026,728 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/04 14:41:02 | 000,387,250 | ---- | C] () -- C:\Users\George\Desktop\Untitled.png
[2012/08/04 12:13:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/04 12:13:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/04 12:13:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/04 12:13:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/04 12:13:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/03 19:49:30 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 8402c268-805d-4ad8-aa3a-3e159ce5bf98.job
[2012/08/03 19:49:29 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7c6df976-724d-4c84-9c32-d2218777cfe0.job
[2012/08/03 19:49:23 | 000,001,667 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/08/03 13:45:25 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Updater.lnk
[2012/08/03 13:45:25 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Launcher.lnk
[2012/08/02 21:32:06 | 000,007,624 | ---- | C] () -- C:\Users\George\AppData\Local\Resmon.ResmonCfg
[2012/08/02 21:21:47 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/08/02 20:47:41 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012/08/02 20:47:40 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2012/08/02 20:45:48 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/02 20:38:15 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/08/02 20:32:59 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/02 20:25:40 | 000,000,917 | ---- | C] () -- C:\Users\George\Desktop\Ventrilo.lnk
[2012/08/02 20:25:36 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/08/02 20:10:20 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/02 20:10:20 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/02 20:01:02 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/02 20:00:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/02 20:00:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/08/02 20:00:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/02 19:57:07 | 000,001,441 | ---- | C] () -- C:\Users\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/02 19:56:26 | 000,001,413 | ---- | C] () -- C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/08/02 19:56:23 | 000,001,447 | ---- | C] () -- C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/02 19:55:59 | 000,000,290 | ---- | C] () -- C:\Users\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/02 19:55:59 | 000,000,272 | ---- | C] () -- C:\Users\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/02 19:54:54 | 000,171,136 | RHS- | C] () -- C:\grldr
[2012/08/02 19:51:55 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/08/02 19:51:48 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/08/02 19:48:56 | 3220,529,152 | -HS- | C] () -- C:\hiberfil.sys
 
========== LOP Check ==========
 
[2012/08/02 20:01:20 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\AVG2012
[2012/08/02 22:13:35 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\LolClient
[2012/08/03 13:52:28 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\six-updater
[2012/08/03 13:45:40 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\six-zsync
[2012/08/04 11:48:37 | 000,002,850 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/04 02:00:00 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7c6df976-724d-4c84-9c32-d2218777cfe0.job
[2012/08/04 03:49:00 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 8402c268-805d-4ad8-aa3a-3e159ce5bf98.job
 
========== Purity Check ==========
 
 

< End of report >



04 Aug 2012   #12

64bit windows 7 ultimate
 
 

And here's the Extras, buddy.


Code:



OTL Extras logfile created on: 8/4/2012 3:52:16 PM - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\George\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 31.37% Memory free
8.00 Gb Paging File | 4.32 Gb Available in Paging File | 54.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 418.83 Gb Free Space | 89.92% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 678.92 Gb Free Space | 97.18% Space Free | Partition Type: NTFS
 
Computer Name: GEORGE-PC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3CE3C330-4DA1-429F-A8EB-7A1D638C5D89}" = lport=56754 | protocol=17 | dir=in | name=pando media booster | 
"{5090A6DB-16B3-4A4A-9225-F6062A3590FE}" = lport=56754 | protocol=17 | dir=in | name=pando media booster | 
"{5695E358-1C45-4ECB-B6CC-4E1832E87F0D}" = lport=56754 | protocol=6 | dir=in | name=pando media booster | 
"{75CD913E-97DB-4533-B0C8-483F1C94BE0E}" = lport=56754 | protocol=6 | dir=in | name=pando media booster | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E9913C-0776-4439-A926-29D061291DB1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{0CF236AF-D9DE-42DE-B5DE-B0673F0AA59A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{16614AD4-87D5-4064-8DC6-821A3332F11B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{17C77753-3354-4388-9AB5-3FB85D3A8578}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{1A7693ED-E60C-4932-9715-47939A62F9F2}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{2324ED00-5E36-4C15-8D81-1E1F2E2491B5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{2C9084F6-62A4-493D-B98F-F80537FB355A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{35B53E6D-E6BF-4F4B-B247-2F7D6040BE81}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{3F743A02-D322-4DD3-B4CA-49A3246EF8E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{423A5E21-871E-476D-8923-E9CB2434EF73}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{4F32A7E1-4757-4638-A5B9-2998D5409433}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{588E71D3-BFD6-4C0C-BE08-218D9320E329}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{59A90BF7-5504-482A-B650-E45ADBB63D1A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{6E4C6860-DAF1-4D8A-91DD-148276EED01E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6F2FE362-F4E0-4948-A288-EF57A5A89C9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{71EF7954-27CF-491C-B93C-E0B0B445DF15}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{78A59F87-1FAF-42C0-954C-B070A19F9DFD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{8E12E6C3-A278-49AF-9A6D-BB88A6EBB9C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{8FC35537-4317-4D5E-895D-4AFA3FE78363}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{9115C807-0B34-450F-AE05-16D85577A3E3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9824FC1D-F47A-4CCF-B4B4-9419372607DE}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{999BB49C-3FC6-4425-A377-51A19A15E290}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{9F06E30F-1754-4605-A436-6175774E3786}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{AACE2214-6B97-4D6C-B29A-C6969A87BEA7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{B25A3FF1-D1CE-48CC-8ADE-D590930BDCDD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{B6449BD9-7B0A-4ACD-9630-CDA751659A17}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{B9980F59-FE65-47D2-9A71-DFCCDB58530A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{C6F08C5A-3BBB-490F-B82D-B54552C3136D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C7DD78AA-9579-418E-9E1D-88FBB3B97F82}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{D0916A21-277D-48CA-8AFE-2143FE6B9ACC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{D53F4004-ECE7-412C-9CC0-8AB11098504A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DEA9741C-A73C-4CC0-B112-1DBB717AFBD9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{F41C6923-1BDD-4694-817E-9BFF5A0A09B4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{FA2046EC-F2F6-4583-B2DC-FA488B3544EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Steam App 33900" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/3/2012 2:35:34 AM | Computer Name = George-PC | Source = Application Error | ID = 1000
Description = Faulting application name: League of Legends.exe, version: 1.0.0.144,
 time stamp: 0x50184a2e  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x00000000  Faulting process id:
 0x13e0  Faulting application start time: 0x01cd713f2ec7c5ac  Faulting application path:
 C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.172\deploy\League
 of Legends.exe  Faulting module path: unknown  Report Id: 6d5f25a3-dd35-11e1-923b-001d60e7f7c0
 
Error - 8/3/2012 2:36:01 AM | Computer Name = George-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rads_user_kernel.exe, version: 0.0.0.0,
 time stamp: 0x4e65c1ac  Faulting module name: rads_user_kernel.exe, version: 0.0.0.0,
 time stamp: 0x4e65c1ac  Exception code: 0xc0000005  Fault offset: 0x000b8554  Faulting
 process id: 0x157c  Faulting application start time: 0x01cd71423fd3f5e1  Faulting application
 path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe  Faulting 
module path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe  Report
 Id: 7d981062-dd35-11e1-923b-001d60e7f7c0
 
Error - 8/3/2012 2:36:04 AM | Computer Name = George-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rads_user_kernel.exe, version: 0.0.0.0,
 time stamp: 0x4e65c1ac  Faulting module name: rads_user_kernel.exe, version: 0.0.0.0,
 time stamp: 0x4e65c1ac  Exception code: 0xc0000005  Fault offset: 0x000b8554  Faulting
 process id: 0x102c  Faulting application start time: 0x01cd714241a169a2  Faulting application
 path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe  Faulting 
module path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe  Report
 Id: 7f5d6db5-dd35-11e1-923b-001d60e7f7c0
 
[ System Events ]
Error - 8/4/2012 2:49:37 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Server service, but this action
 failed with the following error:   %%1056
 
Error - 8/4/2012 2:49:54 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Windows Event Log service,
 but this action failed with the following error:   %%1056
 
Error - 8/4/2012 2:50:37 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Windows Management Instrumentation
 service, but this action failed with the following error:   %%1056
 
Error - 8/4/2012 2:50:37 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Multimedia Class Scheduler
 service, but this action failed with the following error:   %%1056
 
Error - 8/4/2012 2:50:37 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the IKE and AuthIP IPsec Keying
 Modules service, but this action failed with the following error:   %%1056
 
Error - 8/4/2012 2:50:37 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Computer Browser service, 
but this action failed with the following error:   %%1056
 
Error - 8/4/2012 2:50:54 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the DHCP Client service, but this
 action failed with the following error:   %%1056
 
Error - 8/4/2012 3:16:30 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 8/4/2012 3:20:39 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 8/4/2012 3:21:56 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error: 
  %%126
 
 
< End of report >
04 Aug 2012   #13

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro x64
 
 

Try disabling Steam and League of Legends. These two are the only particularly heavy network users on that list. Stop the processes or exit the programs, then see if AVG is still kicking up a fuss.

Tom


04 Aug 2012   #14

64bit windows 7 ultimate
 
 

Could anyone give me a hand with this? Just trying to figure out why my AVG is blocking over 100 different IP addresses per sec.
20 Sep 2012   #15

Windows 7 Ultimate x64
 
 

I had nearly the exact same symptoms as the OP. I at first thought it was a DOS attack and/or an infection trying to DOS someone else. I couldn't access the internet, and my router's Active IP port table was 5012 out of 4096 slots. 99.9% of that IP port table on my router was destined for port 5535 UDP.

Through Resource Monitor and Process Explorer, I eventually nailed it down to svchost.exe running for the NetworkService, and specifically, the process group included Dnscache. Watching the network resource monitor, I could see this process spitting out around 4900+ B/sec. Upon stopping the services, I noticed this begin to fall immediately. It later went back to 5kbs when the system restarted the service.

I ended up disabling the Dnscache service, as this machine has no need to register into an Active Directory managed DNS server. This immediately lowered my outgoing packets to nearly nil, and the router began to free up slots in its IP port table.

So, that is more than likely the reason you see a ton of 5535 UDP packets going out in rapid succession. I believe this to be an MS bug, predicated on loss of the route. In my case, what started all this was my cable modem 'freezing' during a large amount of torrent transfers. I originally didn't even check the cable modem connection, as my router's maxed-out active port table freaked me out.

I reset my cable modem, and was back online. I also re-enabled the Dnscache service, and it acted 'normally'. That is, I didn't see it try to send 5kBs out towards my router. More than likely, it's a race condition based on the UDP packets probably getting a ROUTE_NOT_FOUND, GATEWAY_NOT_AVAILABLE or some such message, and it's immediately trying to send another packet without a back-off timer (UDP lacks that by default in most TCP/IP stacks, where TCP generally has agreed-upon back-off rules).

This post is more for posterity, as my guess is that, this thread being a month old, your problem fixed itself.

-malakai
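The attribution step in the post above (finding which service group inside svchost.exe owns the UDP traffic) can be reproduced offline from two stock Windows 7 commands, `tasklist /svc` (PID to hosted services) and `netstat -ano -p udp` (UDP socket to owning PID). The script below is an added example, not code from this thread or from any poster; the two command outputs it parses are constructed samples, and the PIDs and service lists in them are invented rather than taken from the logs posted here.

```python
"""Tie a chatty svchost.exe to the services it hosts.

Added example, not code from this thread: joins the output of two stock
Windows 7 commands, `tasklist /svc` (PID -> hosted services) and
`netstat -ano -p udp` (UDP socket -> PID), so that the svchost.exe holding
the most UDP sockets can be read against its service group. Both samples
below are constructed for this example; the PIDs and service lists are
invented, not taken from the thread's logs.
"""
import re
from collections import Counter

# Constructed sample of `tasklist /svc` output.  Note the wrapped service
# list for PID 892, which tasklist emits as an indented continuation line.
TASKLIST_SVC = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    756 RpcEptMapper, RpcSs
svchost.exe                    892 CryptSvc, Dnscache, LanmanWorkstation,
                                   NlaSvc, TermService
svchost.exe                   1024 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc
avgnsx.exe                    1588 N/A
"""

# Constructed sample of `netstat -ano -p udp` output (UDP rows have no State).
NETSTAT_UDP = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  UDP    0.0.0.0:500            *:*                                    1024
  UDP    0.0.0.0:5355           *:*                                    892
  UDP    192.168.1.5:51001      *:*                                    892
  UDP    192.168.1.5:51002      *:*                                    892
  UDP    192.168.1.5:51003      *:*                                    892
  UDP    192.168.1.5:51004      *:*                                    892
  UDP    127.0.0.1:1900         *:*                                    1024
  UDP    [::]:500               *:*                                    1024
  UDP    192.168.1.5:60012      *:*                                    1588
"""


def _split_services(field):
    """'A, B,' -> ['A', 'B']; 'N/A' -> []."""
    field = field.strip().rstrip(",")
    if not field or field == "N/A":
        return []
    return [s.strip() for s in field.split(",") if s.strip()]


def parse_tasklist_svc(text):
    """Map PID -> (image name, [services]) from `tasklist /svc` output.
    Indented lines continue the service list of the previous PID."""
    procs, last_pid = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Image Name", "=")):
            continue
        if line[0].isspace():
            if last_pid is not None:
                procs[last_pid][1].extend(_split_services(line))
            continue
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(.*)$", line.rstrip())
        if m:
            image, pid, services = m.group(1), int(m.group(2)), m.group(3)
            procs[pid] = (image, _split_services(services))
            last_pid = pid
    return procs


def parse_netstat_udp(text):
    """Count UDP sockets per owning PID from `netstat -ano -p udp` output."""
    counts = Counter()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "UDP" and parts[-1].isdigit():
            counts[int(parts[-1])] += 1
    return counts


def udp_sockets_by_process(tasklist_text, netstat_text):
    """(pid, image, [services], udp_socket_count) rows, most sockets first."""
    procs = parse_tasklist_svc(tasklist_text)
    rows = []
    for pid, n in parse_netstat_udp(netstat_text).items():
        image, services = procs.get(pid, ("<unknown>", []))
        rows.append((pid, image, services, n))
    rows.sort(key=lambda r: (-r[3], r[0]))
    return rows


def top_udp_svchost(tasklist_text, netstat_text):
    """The svchost.exe owning the most UDP sockets and the services it hosts."""
    for pid, image, services, n in udp_sockets_by_process(tasklist_text, netstat_text):
        if image.lower() == "svchost.exe":
            return pid, services, n
    return None


if __name__ == "__main__":
    for pid, image, services, n in udp_sockets_by_process(TASKLIST_SVC, NETSTAT_UDP):
        print(f"{n:3d} UDP sockets  PID {pid:<5d} {image:<12} {', '.join(services) or '-'}")
    print("most UDP sockets in a service host:", top_udp_svchost(TASKLIST_SVC, NETSTAT_UDP))
```

Two caveats when using this on a live box. `netstat` shows only the local side of UDP sockets, so the destination port the post mentions (5535) has to come from the router's port table, the firewall log or a packet capture, not from this join. And a shared svchost process only narrows the suspect to a group; to single out one service, move it into its own process with `sc config <ServiceName> type= own` (the space after `type=` is required), restart that service, and re-run the join so the socket count lands on a single-service PID.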